Scripting Options

requires php 5.2 or later to edit scripts online

Mara not only allows php and javascript code within both the theme and individual pages, but also permits those pages to be edited online without damaging any scripts they contain. As far as we know, this is a unique feature among CMS. We would go as far as to say that in our opinion this is a star feature, and one which opens the way for all kinds of innovative development work, for example it is possible to code php contact forms, or javascript items such as slideshows or PayPal buttons within individual pages. 

When a page containing scripts is opened in edit mode, scripts within the page are indicated by red placeholders.

The placeholder can be expanded by dragging the corner whilst you are logged-in but the editor is turned off.  The code shown in the placeholder is readonly. To edit the script, turn editing on, right-click the placeholder and select Properties. Here you can change the contents. The Name, Columns and Rows fields are normally left blank. Your script should be surrounded by <?php...?> or <script>...</script> tags as appropriate.

Be aware that it is possible to delete a script placeholder, and doing so deletes the script. If this happens accidentally, use Ctrl-Z to recover it.

Presently the editor has no button to create a script placeholder. One might be added at some point in the future. However, it is very easy to create a placeholder by going into source edit mode and entering a pair of script start and end tags with whatever code you like between them. When the sourcecode changes are committed back into the GUI editor, the script tags will automatically invoke a placeholder.  You can also copy and paste an existing placeholder with Ctrl-C, CtrlV to create a second script.

Scripts do not run when in admin/editing mode. (If they did, you would be editing the results of script processing instead of the file as it is, and that would lead to some very confusing and possibly content-damaging situations.) To test your script whilst still in edit mode, use the Preview button, which is to the right of the Save button. Provided you don't press Save, previewing will not change the onsite version of the page.

It is suggested that placeholders should contain only a small amount of code, any complex code being in a php include or linked js file, called from the placeholder.

As of v2.2, online script editing is only permitted for Managers and Administrators. (Security levels 4 & 5) It is felt that this is a more secure arrangement. Note that because of this change, if you log on directly to the page whose scripts you want to edit, the page will automatically refresh in order to enter script-editing mode. If you do not have permission to edit scripted pages, then at this point you will see an 'access denied' notice instead of the page.

If desired, the permission required to edit scripts can be reduced to Editor or Writer level. It is controlled by the inline_scripts item in the [editing] section of siteini.php.

Execution order:
Note that Mara processes scripts by 'playing' the respective files into a webserver buffer, before collating the output and sending it to the browser. Thus, php code in the theme, and php in the page are effectively running in separate processes, and thus one will not necessarily 'see' any globals or public functions created or modified by the other. Both the theme and page can access system globals and functions, and changes to globals made by the page will precede the running of theme scripts. (which might be the reverse of what you expect) 

Javascript code is executed in the browser after the collated page has been transmitted, and hence is not subject to this consideration.

It is of no use putting Javascript outside of the head or body regions of the theme, or in the head of a page, since Mara does not 'play' these regions to the browser.

As of Mara 2.01 beta, scripts can be edited with php5.2 or later. This change was made to allow use on some hosts which have yet to adopt php5.3

An ordinary textarea is not a placeholder, and will not function as such.

Care should be taken to avoid scripting syntax errors in the theme or page, whose presence may cause the editing interface to fail to load. If you cannot get the editor to load after inserting a script, first place to look is for an unclosed parenthesis in any scripting, which will cause all javascript or php to bug-out from that point onward. A missing semicolon line terminator in php will have the same effect.  If in the theme, you need to edit the theme code manually and re-upload it. If this arises through a faulty script in a page, log in from another page of the same site, then go to the problem page, and turn on the editor. Since in-page scripts will then be in placeholder mode, they should not affect the editor, and you can then correct or delete the offending script.

Javascript placed in a webpage (of any kind) is never secure from prying eyes, because it can always be loaded into a browser with scripting disabled, and read. This is nothing to do with Mara, but a fundamental Web security issue that applies to all sites.

php in pages is intrinsically more secure in that it cannot be directly browsed, and recent Mara versions require a login to view or edit the programming content of pages containing php code.